Index cluster Migration to FIPS- Am I going to hav...

bstimely · ‎04-26-2023

I have a large single site index cluster running 9.0.4 . Inter server communication is secured with third party certificates. The hosts are all older Linux boxes. I need to move to RHEL8 and turn on FIPS. Am I going to have any interoperability issues communication in the Cluster with some FIPS and some Non FIPS systems with certificates created without FIPS?

bstimely · ‎04-27-2023

Thanks, I know how to do the migration. I am asking if anyone has experienced any issues with some machines using FIPS compliant algorythms and certs and other indexers in the cluster not enforcing FIPS?

VatsalJagani · ‎04-27-2023

@bstimely - Ideal way to perform this migration is as follows:

For this, you need to have ReplicationFactor at least 2.
Create a totally new Indexer on FIPS.
- Do all the configuration of certificates and stuff.
Add the new indexer to the cluster.
- Make sure your new indexer is getting the new data. And also some data is being replicated from old Indexers to this new indexer.
Do the same for all the new Indexers you want to add.
Put the old indexers into manual detention. This stops them from accepting new data so all new data will be on the new indexers.
Stop one indexer using Splunk off-line enforce-counts. This will make sure the indexer's buckets are transferred to other (new) indexers.
- Wait for the indexer to shut down.
- Repeat steps 3-4 with each of the remaining old indexers one at a time.
Retire the old indexers.

I hope this helps!! Kindly upvote if you find it useful!!!

Index cluster Migration to FIPS- Am I going to have any interoperability issues?

administration

configuration

upgrade

using Splunk Enterprise

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025

Join the Conversation